Securing connected-car tech will take 1 to 3 years, survey says

Automakers and suppliers believe it will take one to three years to secure connected-car technology, according to a new study.

The survey of manufacturers, parts makers and European drivers by International Data Corp. and commissioned by security company Veracode found that while the auto industry is aware of potential privacy and safety problems and is working to resolve them, it is unclear how quickly the potential problems can be addressed.

Veracode Chief Technology Officer Chris Wysopal said that in the wake of last year’s hacking of a Jeep Cherokee by a pair of professional computer hackers, manufacturers and suppliers have a greater understanding than ever of cyberthreats. But survey respondents -- including Fiat Chrysler, Bosch and Delphi -- said on average that it will be one to three years before connected-car technology will be secure.

“They’re admitting that everything they built today wasn’t built with security in mind,” Wysopal said.

The security of connected-car technology likely will become more prevalent, Wysopal said. The study found that half of European drivers are concerned about security and privacy in connected cars, while about two-thirds say they would hold the manufacturer and app developers liable for security.

Wysopal said manufacturers would be wise to keep a car’s performance and infotainment systems separate to reduce the risk of “contamination” from the possibility of hackers gaining control of infotainment system software and being able to affect a vehicle’s engine, braking or steering systems, compromising driver safety.

“The more you can separate the systems, the more secure it’ll be,” he said.

He said the best way to do that is to let Apple, Google and others develop the infotainment systems separately and to use their systems. He said that will require more cooperation on security from manufacturers and Apple and Google, who all compete with each other.